1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular, to a computer implemented method for securely providing services over a data network. Still more particularly, the present invention relates to a computer implemented method for identity mediation in an enterprise service bus (ESB).
2. Description of the Related Art
Data is frequently exchanged between applications executing on various data processing systems using one or more data networks. Some data networks may be regarded as public networks, such as wide area networks accessing the Internet. Other data networks may be private networks, such as local area networks, and virtual private networks (VPNs).
A data processing system situated in a public network may communicate with a data processing system situated in a private network through a variety of devices and applications. Such communications may cause an exchange of data between any combination of applications executing in public and private networks.
Applications exchanging data in this manner may be implemented using a variety of technologies. Typical system architectures found in many enterprises today are configured based on a service consumer-service provider model. Service provider applications provide functions, operations, or services to service consumer applications. Generally, the service provider and the service consumer applications communicate with each other by using an Interconnectivity and Interoperability (IIOP) layer known as enterprise service bus.
Some of the service consumer applications may be internal applications. An application is internal when the application is owned by the enterprise. An internal application may be one or more copies of one or more licensed products owned by an organization associated with the enterprise. An enterprise is a data processing environment within a private network. An application is owned by an enterprise when the application executes within the private network.
An application is external when the application is not owned by the enterprise. Generally, an external application executed on a data processing system outside the enterprise firewall.
External applications may be deployed, updated, managed, and secured under the control of an external organization. Internal applications can be service providers or service consumers or both in particular implementations. External applications can also be service providers or service consumers or both in particular implementations.
Security of the data, the systems the data resides on, and the networks where the systems operate, is a concern in data communications. Internal and external service consumer and service provider applications have to communicate with each other such that data security implementations can provide the desired level of security, while not adversely affecting performance or complexity beyond a certain level.